2024-04-10_1df206761414b2e97394229a9c06b454_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-10_1df206761414b2e97394229a9c06b454_magniber
Size

7.8MB
MD5

1df206761414b2e97394229a9c06b454
SHA1

aa6d1f3d839df8700552044c5e7ce493f5547e44
SHA256

b9d23445dd03194ef0490ca8eae02584bb1b2f0c32a2e949a02ce9c0889b7495
SHA512

17c89d5142fbe0a2b6c9f333e0c6ba3b2acffd9addcc524ab6a5f1422409e2b2369a8d9156ae092ec02d64ca169e14d7d5d0dfe1408cdc5173b44f6cfd69a36c
SSDEEP

196608:jzYZyaZ8PXKFmAjSI7D9r+wRuwJwxGZ+ESCfO6/G85jYF+xg9eav:AUaZIXC7jRr5RNJMe2CfO6/HHQeav

Score

1^/10

Malware Config

Signatures

Files

2024-04-10_1df206761414b2e97394229a9c06b454_magniber
.exe windows:5 windows x86 arch:x86

c10e483df6eb40383bc299a2ea30bfe2

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:09:95:83:8a:33:ff:87:c1:b3:ba:8a:04:1d:33:d6:4a:a0:58:78
Signer

Actual PE Digest

ad:09:95:83:8a:33:ff:87:c1:b3:ba:8a:04:1d:33:d6:4a:a0:58:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\360PCGamePlatform\trunk\Bin\Gameplat_chs.pdb

Imports

kernel32

CreateEventW
lstrcatW
GetVersion
lstrcpyW
GetSystemTime
TryEnterCriticalSection
GlobalSize
WaitForSingleObject
CopyFileW
TerminateProcess
ReleaseSemaphore
Process32FirstW
CreateSemaphoreW
Process32NextW
CreateToolhelp32Snapshot
TerminateThread
SuspendThread
CreateThread
AllocConsole
SetFilePointer
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
RaiseException
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
CreateMutexW
GetCommandLineW
GetVersionExW
MoveFileW
GetModuleFileNameW
GlobalFree
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
FormatMessageW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
CreateFileA
GetConsoleOutputCP
WriteConsoleA
GlobalUnlock
MoveFileExW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
FreeConsole
HeapCreate
GetCurrentThread
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitThread
SetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
CancelWaitableTimer
CreateWaitableTimerW
SetWaitableTimer
ResetEvent
IsBadReadPtr
IsBadWritePtr
TlsSetValue
TlsAlloc
TlsFree
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsW
WaitForMultipleObjects
GetExitCodeProcess
SearchPathW
LocalAlloc
GetSystemTimeAsFileTime
GetProcessTimes
lstrcmpW
GlobalAlloc
SetEvent
GlobalLock
FreeResource
GetLogicalDrives
GetDiskFreeSpaceExW
GetLongPathNameW
GetTempPathW
GetLogicalDriveStringsW
GetDriveTypeW
GetTempFileNameW
ExitProcess
FindNextFileW
RemoveDirectoryW
FindClose
GetSystemDirectoryW
FindFirstFileW
DuplicateHandle
GetFileType
GetCurrentDirectoryW
SetFileTime
CreateDirectoryW
SystemTimeToFileTime
DosDateTimeToFileTime
SetLastError
FlushInstructionCache
GetTickCount
GetFileAttributesW
SetEndOfFile
SetFileAttributesW
GetCurrentProcessId
OutputDebugStringA
GetLocalTime
GetStdHandle
GetLocaleInfoW
WriteConsoleW
WriteFile
OutputDebugStringW
GetModuleHandleExW
GetFileSize
GetVolumeInformationW
GetPrivateProfileIntW
DeviceIoControl
GetCurrentProcess
GetLastError
CreateFileW
ReadFile
lstrcpynW
LocalFree
GetPrivateProfileSectionW
DeleteFileW
LockResource
WritePrivateProfileStringW
MultiByteToWideChar
SizeofResource
GetPrivateProfileStringW
LoadResource
FindResourceW
FindResourceExW
lstrlenA
FreeLibrary
GetSystemInfo
SetErrorMode
GetFileTime
FileTimeToLocalFileTime
GetShortPathNameW
GetWindowsDirectoryW
VirtualQuery
OpenProcess
SetProcessWorkingSetSize
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FatalAppExitA
SetConsoleTextAttribute
GetPrivateProfileSectionNamesW
CloseHandle
GetProcAddress
lstrlenW
Sleep
LoadLibraryW
WideCharToMultiByte
CreateProcessW
FlushFileBuffers

user32

BringWindowToTop
GetForegroundWindow
TranslateMessage
AttachThreadInput
CharNextW
GetMessageW
DestroyWindow
GetShellWindow
MapVirtualKeyW
SwitchToThisWindow
DefWindowProcW
GetWindowThreadProcessId
DispatchMessageW
GetDesktopWindow
LoadStringW
PostMessageW
SetForegroundWindow
WaitForInputIdle
FindWindowW
ShowWindow
PeekMessageW
CloseClipboard
EmptyClipboard
FindWindowExW
OpenClipboard
GetDlgItemTextW
SetClipboardData
SetActiveWindow
EndPaint
ClientToScreen
GetWindowTextLengthW
UpdateLayeredWindow
SetWindowRgn
ScreenToClient
PrivateExtractIconsW
MonitorFromPoint
IsIconic
FillRect
SetCapture
DrawTextW
MsgWaitForMultipleObjects
IsZoomed
GetKeyState
DrawIconEx
GetFocus
AnimateWindow
TrackMouseEvent
DrawIcon
SetFocus
BeginPaint
PtInRect
GetIconInfo
GetDC
OffsetRect
InvalidateRect
GetWindowTextW
SystemParametersInfoW
SetClassLongW
ReleaseDC
GetDlgItem
RedrawWindow
IsWindowVisible
UpdateWindow
EnableWindow
SetWindowTextW
CopyRect
EnumDisplaySettingsW
GetMessagePos
MoveWindow
IsRectEmpty
SetTimer
GetWindowRect
PostQuitMessage
LoadImageW
KillTimer
GetParent
GetClientRect
MonitorFromWindow
SetWindowPos
IsWindow
GetSystemMetrics
SendMessageW
MapWindowPoints
GetMonitorInfoW
GetWindow
SendMessageTimeoutW
MessageBoxW
LoadCursorW
GetClassInfoExW
RegisterClassExW
GetWindowLongW
SetWindowLongW
CreateWindowExW
CallWindowProcW
UnregisterClassA
GetClipboardData
IsClipboardFormatAvailable
SetRect
SubtractRect
GetKeyNameTextW

gdi32

MoveToEx
SetBitmapBits
BitBlt
GetTextExtentPoint32W
SetViewportOrgEx
LineTo
SetTextColor
CreateDIBSection
CreateFontIndirectW
StretchBlt
SetBrushOrgEx
GetDIBits
GetCurrentObject
SetBkColor
ExcludeClipRect
CreateDCW
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
CreateCompatibleBitmap
Rectangle
CreateFontW
GetObjectW
SetStretchBltMode
CreateRoundRectRgn
CreateRectRgn
CreatePen
GetClipBox
RoundRect
GetObjectA
GetStockObject
CreateSolidBrush
DeleteDC
GetBitmapBits
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

DuplicateTokenEx
GetTokenInformation
CopySid
RegSetKeySecurity
RegEnumKeyW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
BuildExplicitAccessWithNameW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegQueryValueExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyW
AddAce
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA

shell32

CommandLineToArgvW
SHFileOperationW
SHGetMalloc
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ord165
SHGetFolderPathW
ShellExecuteW
SHFreeNameMappings
SHAppBarMessage
SHGetFileInfoW
SHChangeNotify
SHGetSpecialFolderPathW

ole32

OleUninitialize
CoUnmarshalInterface
OleInitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoMarshalInterface
CoCreateInstance

oleaut32

VarUI4FromStr
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

shlwapi

PathCombineW
PathIsRootW
PathGetDriveNumberW
PathAddBackslashW
PathBuildRootW
SHDeleteKeyW
StrCmpIW
StrStrIW
SHSetValueW
SHGetValueA
StrToIntExW
PathIsURLW
PathRemoveFileSpecW
PathFindFileNameW
PathIsUNCW
PathIsNetworkPathW
StrStrW
StrDupW
StrRStrIW
PathIsDirectoryW
StrCatW
PathMatchSpecW
PathCanonicalizeW
StrCmpNIW
PathAppendW
PathFindExtensionW
PathRemoveExtensionW
StrToIntW
UrlCompareW
SHGetValueW
UrlCanonicalizeW
PathFileExistsW

comctl32

ImageList_Remove
ImageList_GetImageCount
ImageList_GetIcon
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Draw
InitCommonControlsEx
ImageList_Duplicate

msimg32

AlphaBlend
TransparentBlt

wininet

FindCloseUrlCache
InternetQueryOptionW
InternetWriteFile
InternetReadFileExA
HttpEndRequestW
FtpOpenFileW
FindFirstUrlCacheEntryW
HttpSendRequestExW
InternetSetStatusCallbackW
InternetConnectW
InternetSetOptionA
InternetGetLastResponseInfoW
FtpCommandW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
HttpOpenRequestW
InternetReadFile
InternetOpenW
InternetCloseHandle
FtpGetFileSize
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetOpenUrlW
InternetOpenA
HttpQueryInfoW
InternetSetOptionW
InternetCrackUrlW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

CryptCATAdminReleaseContext
WinVerifyTrust
WTHelperProvDataFromStateData
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext

netapi32

Netbios

winmm

timeBeginPeriod
timeSetEvent
timeKillEvent

setupapi

SetupIterateCabinetW

crypt32

CertGetNameStringW

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses
GetModuleFileNameExW
GetProcessMemoryInfo

urlmon

ObtainUserAgentString

Sections

.text
Size: 788KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c10e483df6eb40383bc299a2ea30bfe2

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ad:09:95:83:8a:33:ff:87:c1:b3:ba:8a:04:1d:33:d6:4a:a0:58:78Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

version

wintrust

netapi32

winmm

setupapi

crypt32

psapi

urlmon

Sections

.text Size: 788KB - Virtual size: 788KB

.rdata Size: 168KB - Virtual size: 167KB

.data Size: 47KB - Virtual size: 84KB

.rsrc Size: 6.9MB - Virtual size: 6.9MB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ad:09:95:83:8a:33:ff:87:c1:b3:ba:8a:04:1d:33:d6:4a:a0:58:78
Signer

.text
Size: 788KB - Virtual size: 788KB

.rdata
Size: 168KB - Virtual size: 167KB

.data
Size: 47KB - Virtual size: 84KB

.rsrc
Size: 6.9MB - Virtual size: 6.9MB